Date: Tue, 28 Jul 2015 10:18:57 -0300
From: Renato Botelho <garga@FreeBSD.org>
To: Gleb Smirnoff <glebius@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r285945 - head/sys/netpfil/pf
Message-ID: <DA51CE87-C20B-46FB-8684-106CDF9B558F@FreeBSD.org>
In-Reply-To: <20150728112051.GT72729@FreeBSD.org>
References: <201507281031.t6SAVZnu046387@repo.freebsd.org> <20150728112051.GT72729@FreeBSD.org>
> On Jul 28, 2015, at 08:20, Gleb Smirnoff <glebius@FreeBSD.org> wrote: >=20 > Renato, >=20 > On Tue, Jul 28, 2015 at 10:31:35AM +0000, Renato Botelho wrote: > R> Author: garga (ports committer) > R> Date: Tue Jul 28 10:31:34 2015 > R> New Revision: 285945 > R> URL: https://svnweb.freebsd.org/changeset/base/285945 > R>=20 > R> Log: > R> Respect pf rule log option before log dropped packets with IP = options or > R> dangerous v6 headers > R> =20 > R> Reviewed by: gnn, eri > R> Approved by: gnn > R> Obtained from: pfSense > R> MFC after: 3 days > R> Sponsored by: Netgate > R> Differential Revision: https://reviews.freebsd.org/D3222 > R>=20 > R> Modified: > R> head/sys/netpfil/pf/pf.c > R>=20 > R> Modified: head/sys/netpfil/pf/pf.c > R> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > R> --- head/sys/netpfil/pf/pf.c Tue Jul 28 09:36:26 2015 = (r285944) > R> +++ head/sys/netpfil/pf/pf.c Tue Jul 28 10:31:34 2015 = (r285945) > R> @@ -5895,7 +5895,8 @@ done: > R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { > R> action =3D PF_DROP; > R> REASON_SET(&reason, PFRES_IPOPTIONS); > R> - log =3D 1; > R> + if (r->log) > R> + log =3D 1; > R> DPFPRINTF(PF_DEBUG_MISC, > R> ("pf: dropping packet with ip options\n")); > R> } > R> 
@@ -6329,7 +6330,8 @@ done: > R> !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { > R> action =3D PF_DROP; > R> REASON_SET(&reason, PFRES_IPOPTIONS); > R> - log =3D 1; > R> + if (r->log) > R> + log =3D 1; > R> DPFPRINTF(PF_DEBUG_MISC, > R> ("pf: dropping packet with dangerous v6 = headers\n")); > R> } >=20 > Why not simply: >=20 > log =3D r->log; >=20 > ? >=20 > That would also match the style of the function, since it already has: >=20 > log =3D s->log; Thanks for pointing this out. Do you approve the following patch? Index: sys/netpfil/pf/pf.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netpfil/pf/pf.c (revision 285945) +++ sys/netpfil/pf/pf.c (working copy) @@ -5895,8 +5895,7 @@ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { action =3D PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - if (r->log) - log =3D 1; + log =3D r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with ip options\n")); } @@ -6330,8 +6329,7 @@ !((s && s->state_flags & PFSTATE_ALLOWOPTS) || = r->allow_opts)) { action =3D PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); - if (r->log) - log =3D 1; + log =3D r->log; DPFPRINTF(PF_DEBUG_MISC, ("pf: dropping packet with dangerous v6 = headers\n")); } -- Renato Botelho
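Review bot: In both hunks of the follow-up patch (@@ -5895,8 +5895,7 and @@ -6330,8 +6329,7) the new "log = r->log;" is not equivalent to the "if (r->log) log = 1;" it replaces. The conditional form only ever sets log, while the assignment overwrites whatever log held on reaching this branch, so a value taken earlier in the function (the reply above cites an existing "log = s->log;") is cleared whenever r->log is zero, and a non-zero r->log is copied through as-is rather than normalised to 1. If a packet that matched a logging state should still be logged when it is dropped here for IP options or dangerous v6 headers, keep the set-only form or use "log |= r->log;"; if clearing is intended, say so in the commit message, since the drop would then leave only the DPFPRINTF at PF_DEBUG_MISC as a trace.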